FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 5: Risk Management

Show Answer

Share

---

All types

Filters

Study Flashcards

Question 1

True/False

Review LaterAdd Note

Review Later

Identifying human resources, documentation, and data information assets of an organization is less difficult than identifying hardware and software assets.

Correct Answer

verified

Show Answer

Question 2

Essay

Review LaterAdd Note

Review Later

Of the three types of mitigation plans, the ____________________ plan is the most strategic and long-term, as it focuses on the steps to ensure the continuation of the organization.

Correct Answer

verified

BC
Business Continui...

View Answer

Show Answer

Question 3

Short Answer

Review LaterAdd Note

____________________ is the process of identifying risk, as represented by vulnerabilities, to an organization's information assets and infrastructure, and taking steps to reduce this risk to an acceptable level.

_________ addresses are sometimes called electronic serial numbers or hardware addresses.

A(n) qualitative assessment is based on characteristics that do not use numerical measures. _________________________

The __________ is the difference between an organization's observed and desired performance.

____________________ include information and the systems that use, store, and transmit information.

__________ feasibility analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.

The results from risk assessment activities can be delivered in a number of ways: a report on a systematic approach to risk control, a project-based risk assessment, or a topic-specific risk assessment.

The _________ control strategy attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards.

Benchmarking is the process of comparing other organizations' activities against the practices used in one's own organization to produce results it would like to duplicate. _________________________

__________ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the flood waters recede.

The formal decision-making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) __________.

Using the simplified information classification scheme outlined in the text, all information that has been approved by management for public release has a(n) ____________________ classification.

The computed value of the ALE compares the costs and benefits of a particular control alternative to determine whether the control is worth its cost. _________________________

The first phase of risk management is _________.

The most common example of a mitigation procedure is a contingency plan. _________________________

The __________ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.

The value of information to the organization's competition should influence the asset's valuation.

When it is necessary to calculate, estimate, or derive values for information assets, you might give consideration to the value incurred from the cost of protecting the information.